Back 

Security Breach Legislation 2010

 

Security Breach Legislation 2010

Year-end summary: 2010

Summary:  Security breach-related legislation was enacted in 2010 in five states; introduced in at least 18 states in 2010.  See also Security Breach Laws and 2011, 20092008, 2007, 20062005, 2004, 2003, and 2002 legislation. 
 

CALIFORNIA
S.B. 1166
Status: October 7, 2010; Vetoed by Governor.
Requires any agency, person, or business required to issue a security breach notification that is required to issue a security breach notification to more than a specified number of residents to electronically submit a single sample copy of that security breach notification to the Attorney General. Requires the toll-free telephone numbers and addresses of the major credit reporting agencies if the breach exposed a social security number, a driver's license or a state identification card number.

IDAHO
H.B. 566
Status: March 31, 2010; Signed by Governor.
Amends existing law relating to disclosure of personal information to provide for application to city, county and state agencies, to provide that certain entities and individuals shall notify the office of the Idaho Attorney General in the event of certain breaches of security, to clarify that certain reporting requirements shall continue to apply to state agencies and to provide for violations and penalties.

ILLINOIS
H.B. 5708
Status: February 9, 2010; To House Committee on Rules.
Amends the Personal Information Protection Act; provides that "breach of the security of the system data" includes the unauthorized use of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a data collector; provides that a data collector that owns or licenses personal information shall notify the Attorney General of a breach.

KENTUCKY
H.B. 581
Status: March 4, 2010; To House Committee on Judiciary.
Relates to consumer protection; creates new sections of KRS Chapter 367 to create definitions related to identity theft; restricts certain uses by businesses of a consumer's Social Security number subject to certain exceptions, and to make a violation subject to the same remedies, duties, powers, and penalties as violations of the Consumer Protection Act; requires a business to give specified notice to a person whose personal information was acquired in a security breach subject to certain exceptions.

MAINE
H.B. 941
Status: April 30, 2010; Senate adopts Majority Committee Report: Ought not to pass.
Concerns the confidentiality of health care information; asserts that medical records in the possession of a health care practitioner are the property of the patient; limits the costs a health care practitioner may recoup for providing electronic medical records; creates a definition of business associate of a health care practitioner; applies health care information confidentiality provisions to a business associate.

S.B. 130
Status: March 26, 2009; House adopts Majority Committee Report: Ought not to pass.
Requires self-service storage facilities to register with the Department of Professional and Financial Regulation, Bureau of Consumer Credit Protection; requires this registration, self-service storage facilities to give identifying information and submit a personal records disposal plan subject to the Bureau of Consumer Credit Protection's approval; regards that self-service storage facilities may not dispose of property left by an occupant in any manner that does not comply with their personal records.

MASSACHUSETTS
H.B. 326
Status: March 16, 2010; In Joint Committee on Consumer Protection and Professional Licensure: Set aside for study.
Relates to identity theft.

H.B. 3427
Status: March 16, 2010; In Joint Committee on Consumer Protection and Professional Licensure: Set aside for study.
Relates to identity theft protection.

S.B. 1691
Status: April 5, 2010; In Joint Committee on Judiciary: Extension Order Filed. Extended until 05/07/2010.
Relates to debt collection.  Provides that the sending or delivery of any form or notice which does not relate to the collection of a debt and is expressly required by law relating to notice of data security breach shall not be treated as an initial communication in connection with debt collection.

MICHIGAN
S.B. 149
Status: May 26, 2009; In House. To second reading.
Prohibits obtaining personal information over the internet by false pretenses.

S.B. 717
Status: August 5, 2009; To Senate Committee on Homeland Security and Emerging Technologies.
Creates the Information Security Program Standards Act; provides for the standards for safeguarding personal information; provides for civil immunity.

MISSISSIPPI
H.B. 583
Status: April 7, 2010;  Signed by to Governor
Relates to breach of security; requires notice.

S.B. 2099
Status: February 2, 2010; Died in committee.
Relates to breach of security; defines certain terms; requires notice of breach of security.

NEW HAMPSHIRE
H.B. 1613
Status: March 24, 2010; To Conference Committee
Relates to the general banking Laws of the state; requires a financial institution to file a copy of reports relative to security breach notification with the bank commissioner at the same time as such reports are filed; requires each financial institution to direct its auditor to notify the bank commissioner when it has been engaged by such financial institution.

NEW JERSEY
A.B. 175
Status: January 12, 2010; To Assembly Committee on Consumer Affairs.
Enhances duty and broadens liability concerning security of personal information, and response to breach of security, under Identity Theft Prevention Act.

A.B. 1429
Status: January 12, 2010; To Assembly Committee on Financial Institutions and Insurance.
Prohibits retail sales establishment from storing certain magnetic-stripe data; requires reimbursement for costs incurred by financial institution due to breach of security.

NEW YORK
A.B. 8840
Status: January 6, 2010; Recalled from Senate. Returned to Assembly.
Relates to provisions concerning debt collection procedures; includes debts for insurance or services; permits private right of action; relates to credit counselors; limits markings on mail. Provides that the sending of notice required by a security breach law shall not be treated as an initial communication in connection with debt collection.   

S.B. 3760
Status: March 31, 2009; To Senate Committee on Consumer Protection.
Provides for notification of persons whose private information is subject to an unauthorized acquisition.

S.B. 6036
Status: April 27, 2010; To Senate Committee on Codes.
Relates to provisions concerning debt collection procedures. Provides that the sending of notice required by a security breach law shall not be treated as an initial communication in connection with debt collection.   

NORTH CAROLINA
H.B. 1265
Status: September 29, 2009; 2009 General Assembly - First Session Adjourned - 08/11/2009 - Carried Over to 2010 General Assembly - Second Session.
Requires that private personnel services, job listing services, and individuals provide a notice to potential customers concerning identity theft.

PENNSYLVANIA
H.B. 1458
Status: May 7, 2009; To House Committee on Consumer Affairs.
egulates the use of credit reports, business records, Social Security Numbers and other personal information. Requires a business or public entity to destroy a costumer's records which contain personal information, which is not longer to be retained by the business or public entity. Requires disclosure to customers of any breach of security of computerized records. Prohibits the posting of or publicly displaying in any manner an individual's Social Security number.|

H.B. 2605
Status: June 30, 2010; To House Committee on Judiciary.
Amends the Judiciary and Judicial Procedure Code. Provides for immunity for private independent colleges from liability involving breach of confidentiality regarding student data or records shared with the Department of Education.

S.B. 155
Status: April 3, 2009; To House Committee on State Government.
Amends the Breach of Personal Information Notification Act of 2005. Further provides for notification of breach.

TENNESSEE
H.B. 2847
Status: February 23, 2010; From House Committee on Judiciary: Recommend passage.
Prevents the Tennessee Independent Colleges and Universities Association and its member institutions from being held liable for breach of confidentiality of student data or records that are required to be submitted to Tennessee Higher Education Commission, if the breach was a result of the actions of the commission or its staff.

S.B. 2793
Status: March 25, 2010; Public Chaptered. Chapter No. 650
Prevents the Independent Colleges and Universities Association and its member institutions from being held liable for breach of confidentiality of student data or records that are required to be submitted to the higher education commission, if the breach was a result of the actions of the commission or its staff.

VERMONT
H.B. 474
Status: January 7, 2010; To House Committee on Judiciary.
Proposes to repeal the sunset of the exemption for law enforcement agencies from the security breach notice act.

H.B. 722
Status: June 1, 2010; Signed by Governor
Relates to ticket scalping. (Security breach provisions were amended out of enacted versions.)

S.B. 149
Status: January 5, 2010; To Senate Committee on Judiciary.
Proposes to repeal the sunset of the exemption for law enforcement agencies from the security breach notice act.

VIRGINIA
H.B. 525
Status: January 13, 2010; Introduced.  (2010 Regular Session Adjourned.)
Requires notification to residents of the Commonwealth if their unredacted or unencrypted medical information or insurance information is the subject of a database breach.

H.B. 1039
Status: April 13, 2010; Acts of Assembly. Chapter No. 852
Requires notification to residents of the Commonwealth if their unredacted or unencrypted medical information or insurance information is the subject of a database breach; provides that notification requirements apply only to state and local government entities.

S.B. 224
Status: March 14, 2010; Failed to pass Senate. (2010 Regular Session Adjourned.)
Requires notification to residents of the Commonwealth if their unredacted or unencrypted medical information or insurance information is the subject of a database breach.

WASHINGTON
H.B. 1149
Status: March 22, 2010; Chapter No. 151
Provides that when a data breach occurs, remedial measures such as reissuance of credit or debit cards affected by the breach can help to reduce the incidence of identity theft and associated costs to consumers; encourages financial institutions to reissue credit and debit cards to consumers when appropriate; permits financial institutions to recoup data breach costs associated with such reissuance from large businesses and card processors who are negligent in maintaining or transmitting card data.

WEST VIRGINIA
S.B. 224
Status: February 17, 2010; To Senate Committee on Judiciary.  (2010 Regular Session Adjourned.)
Relates to imposing statutory lien on fire insurance proceeds under certain circumstances.
 

Security Breach Home

State Net logo

Share this: 
We are the nation's most respected bipartisan organization providing states support, ideas, connections and a strong voice on Capitol Hill.

NCSL Member Toolbox

Denver

7700 East First Place
Denver, CO 80230
Tel: 303-364-7700 | Fax: 303-364-7800

Washington

444 North Capitol Street, N.W., Suite 515
Washington, D.C. 20001
Tel: 202-624-5400 | Fax: 202-737-1069

Copyright 2014 by National Conference of State Legislatures